@cryptgoat @signalapp @Mer__edith I sincerely doubt that.
- Just like #Signal doesn't ditch #MobileCoin or the demand for a #PhoneNumber for good...
A Researcher Figured Out How to Reveal Any #PhoneNumber Linked to a #Google Account
Phone numbers are a goldmine for #SIM swappers. A researcher found how to get this precious piece of information through a clever brute-force attack.
#privacy
Interesting set of developments that someone was able to figure out how to extract your mobile numbers from Google accounts
If this White Hat had found it and told Google to Plug The Leak it may have meant black hats found it a long time ago and exploited it in the Wild
Warning paywall
Google Shared My Phone Number
https://danq.me/2025/05/21/google-shared-my-phone-number/
#HackerNews #Google #Privacy #PhoneNumber #DataBreach #Security
@silhouette @richi @signalapp @torproject
1.
You completely miss the points! There is no "#TechnicalNecessity" to demand #PII like a #PhoneNumber - especially for a "#privacy"-focussed messenger!
2. & 3.
#Signal is able and willing to comply with #Cyberfacism and pushing a #Shitcoin (#MobileCoin) makes it trivial to criminalize the App for "illegal & unregulated banking". If #Moxie or @Mer__edith cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from #Russia & #Iran (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police & intelligence. Which brings me to the 1st argument.
4.
#Tor has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead of following almost two decades of solid progress is absurd and violates "don't roll your own crypto" as a rule!
5.
Only with #SelfCustody can you protect your own data. Or do you really expect Staff from Signal to not talk when facing lifetime in jail? If they have the keys, they can decrypt it, thus their #E2EE is just a "#TrustMeBro!" concept. I mean, what prevents them from being forced into backdooring all comms to @icij as per #NSL? Any "guarantee" without self-custody is worthless by virtue of being unenforceable!
Signal pushing #TechPopulism instead of teaching folks that their #ComSec is worth diddly-piss without #OpSec, #InfoSec & #ITsec is dangerous!
Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. @monocles / #monoclesChat & @delta / #deltaChat for example can adapt way better to said risks and ain't run by a #VCmoneyBurningParty!
@richi Except @signalapp is not "#Privacy-first" cuz if #Signal did, they'd not demand #PII (#PhoneNumber) nor remain in the #USA (#CloudAct) nor peddle #Shitcoin-#Scams (#MobileCoin) and put their tech on @torproject / #Tor and fully #decentralized with 100% #SelfCustody of all the keys!
@GossiTheDog @signalapp it merely prevents #Screenshots by claiming it's #DRM'd content.
It's a mere ask and #Microsoft could specifically close that #API and make it subject to contractual agreements (as they did with their #Antivirus API calls to disable #WindowsDefender!) if they decide this is against their wishes.
It also doesn't prevent the #Keylogger nor works against the known #CryptoAPI #backdoor affecting all #Browsers (except #Firefox and @torproject / #TorBrowser) which can be triggered by a single #HTTPS request.
The correct solution for #Signal would be to alert all their users and specifically block #Windows in general or at least #Windows11 simply because it is a #Govware and empirically cannot be made private or secure.
But that would require them to actually give a shit, which they don't, cuz otherwise they would've stopped demanding #PII like a #PhoneNumber and moved out of jurisdiction of #CloudAct.
Since they are highly centralized they certainly are capable to comply with "#Sanctions" (or whatever bs he'll claim!)...
@dave_andersen @AVincentInSpace personally I consider any "#KYC" a risk-factor, and @signalapp has proven their ability and willingness to restrict functionality (i.e. their #Shitcoin-#Scam #MobileCoin) based off said #PhoneNumbers (Cuban, Russian and North Korean Numbers were excluded) which are in fact #PII (even if one doesn't have to #ID for obtaining a #SIM, they are circumstantial PII)...
Either way they either have to yeet #Hegseth as client and/or stop collecting PII like PhoneNumbers - they gotta have to do something…
#ITsec is a different story, but unlike #Signal these do not depend on a #PhoneNumber and work through @torproject / #Tor.
Your mistakes makes no difference to us. But it’s our mission to educate you
Thanks @oliora for the picture
@lastquake a #XMPP-#Bot would be even better, as #Telegram demands #PII in the form of a #PhoneNumber!
@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigateable with proper measures.
Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!
@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many jurisdictions...
If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.
If you do think so then you should really get some professional help, cuz you seem rather lost...
Its #centralization is an absolute nightmare and must be deemed as criminally neglectful!
@Andromxda @pixelcode How can you claim something you can't evidence?
It makes you look like one of those folks shilling #VPN|s that ain't logless after all...
At least they should be honest about things and not claim bs, cuz demanding a #PhoneNumber is just #KYC with extra steps like demanding any #SSN or other #PII. Makes them look like Chinese MMORPGs that demand ID card numbers for account signups, thus #paywalling the ability to use their service anonymously...
@signalapp I disagree because your platform is #proprietary, #SingleVendor, #SingleProvider and doesn't allow for #SelfHosting, #SelfCustody of all the Keys and you demand #PII in the form of a #PhoneNumber which can be used to track users down!
@walkinglampshade @jrredho @fj It's basic #InfoSec, really:
Thus #Signal fails at protecting #Journalists and their sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)
And if you believe "this won't be used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all the #Cyberfacism since 9/11…
@nemo Except #Signal demanding #PII like a #PhoneNumber, being subject to #CloudAct and shilling #MobileCoin, a blatant #Shitcoin #Scam disqualifies them!
@licho @osman provide evidence the code @signalapp released is actually being deployed.
git
and builds it from source. Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
https://www.youtube.com/watch?v=tJoO2uWrX1M
And don't even get me started on the fact it's not sustainable to run it as a #VCmoneyBurningParty!
Same as identifying users: They already got a #PhoneNumber which in many jurisdictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even the cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...
Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!
@soatok @jwildeboer I still disagree because it completely ignores @signalapp being #centralized, #SingleVendor & #SinglePrivider, demanding #PII in the form of a #PhoneNumber, being able and willing to restrict functionality based off that and being subject to #CloudAct.